Role of the Australian Information Commissioner

is consulted about the development, variation or revocation of codes and standards under the Telecommunications Act 1997 (Telecommunications Act) that deal with privacy matters.

has the power to monitor compliance with the record-keeping requirements contained in Part 13 of the Telecommunications Act, which requires telecommunications carriers and carriage service providers to keep records of certain disclosures of personal information.

has oversight of telecommunications carriers and carriage service providers’ handling of telecommunications data collected under the data retention scheme, which is deemed to be personal information within the meaning of the Privacy Act.

A ‘carriage service provider’ uses a carriage service to supply phone and/or internet services to the public. The carriage service provider (not the carrier) has direct contact with consumers.

Telecommunications industry codes and standards

Part 6 of the Telecommunications Act provides for the development of industry codes and standards on any matter that relates to a telecommunications activity, which is defined in section 109 of the Act. Codes can be submitted to the ACMA by industry bodies for registration and, where the ACMA is satisfied that the code meets stipulated criteria, it is obliged to include the code on a codes register. Under ss 117 and 134 of the Telecommunications Act, the Information Commissioner must be consulted on codes and standards which deal directly or indirectly with a matter dealt with by the Privacy Act. The codes are voluntary, but the ACMA has the power to direct entities within its jurisdiction to comply with a code.

Records of disclosures of personal information

Part 13 of the Telecommunications Act sets out strict rules for carriers, carriage service providers and others in their use and disclosure of personal information. The Privacy Act 1988 (Privacy Act) defines ‘personal information’ in s 6(1) as any ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable:

whether the information or opinion is true or not; and

whether the information or opinion is recorded in a material form or not.’

What constitutes personal information will vary, depending on what can be identified or is reasonably identifiable in a particular circumstance.

The Information Commissioner has the power to monitor compliance with Part 13, Division 5 of the Telecommunications Act, which requires carriers and carriage service providers to make records of certain disclosures of personal information, including disclosures of telecommunications data collected and retained under the data retention scheme (see below) to law enforcement agencies.

The OAIC has produced a business resource to assist telecommunication service providers to understand their obligations to maintain records of disclosures under ss 306 and 306A of the Telecommunications Act 1997. The resource includes a checklist to help providers ensure the relevant requirements are met when creating records of disclosures.

If you think that a carrier has not complied with the Telecommunication Act you can make a complaint.

Telecommunications (Interception and Access) Act

Under the TIA Act the Australian Security and Intelligence Organisation (ASIO) and certain domestic law enforcement agencies can authorise the disclosure of telecommunications data by a carrier or carriage service provider, including telecommunications data collected and retained under the new data retention scheme. Under s 183(3) of the TIA Act, the Information Commissioner must be consulted about requirements relating to the form of those authorisations.

Data retention scheme

In March 2015, the Australian parliament passed legislation to introduce a data retention scheme into Part 5-1A of the TIA Act.